Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Secure Distributed Matrix Multiplication with Precomputation

Ryann Cartor, Rafael G. L. D'Oliveira, Salim El Rouayheb, Daniel Heinlein, David Karpuk, Alex Sprintson

TL;DR

The paper tackles secure distributed matrix multiplication with honest-but-curious servers by leveraging polynomial codes on an outer product partition: $A=[A_1;\dots;A_K]$, $B=[B_1;\dots;B_L]$, so $AB=\sum_{k,\ell} A_kB_\ell$. It introduces precomputation, allowing the user to offline compute the lower-right corner terms $\alpha_R+\beta_R$, thereby reducing the effective server count to $N^{\text{pre}}$ and enabling toleration of any fixed collusion fraction $\delta<1$. The work provides explicit formulas and bounds for $N^{\text{pre}}$ across the GASP_r family, including special cases $\mathsf{GASP}_{\text{small}}$ and $\mathsf{GASP}_{\text{big}}$, and analyzes time complexity with and without precomputation, showing concrete reductions (e.g., from $O(n^{2.6})$ to $O(n^{2.5})$ when $\omega=3$). Together, these results demonstrate the practical impact of offline preprocessing on security, efficiency, and scalability of SDMM in distributed settings.

Abstract

We consider the problem of secure distributed matrix multiplication in which a user wishes to compute the product of two matrices with the assistance of honest but curious servers. We show how to construct polynomial schemes for the outer product partitioning which take advantage of the user's ability to precompute, and provide bounds for our technique. We show that precomputation allows for a reduction in the order of the time complexity for the cases where the number of colluding servers is a fixed percentage of the number of servers. Furthermore, with precomputation, any percentage (less than 100%) of collusions can be tolerated, compared to the upper limit of 50% for the case without precomputation.

Secure Distributed Matrix Multiplication with Precomputation

TL;DR

The paper tackles secure distributed matrix multiplication with honest-but-curious servers by leveraging polynomial codes on an outer product partition: , , so . It introduces precomputation, allowing the user to offline compute the lower-right corner terms , thereby reducing the effective server count to and enabling toleration of any fixed collusion fraction . The work provides explicit formulas and bounds for across the GASP_r family, including special cases and , and analyzes time complexity with and without precomputation, showing concrete reductions (e.g., from to when ). Together, these results demonstrate the practical impact of offline preprocessing on security, efficiency, and scalability of SDMM in distributed settings.

Abstract

We consider the problem of secure distributed matrix multiplication in which a user wishes to compute the product of two matrices with the assistance of honest but curious servers. We show how to construct polynomial schemes for the outer product partitioning which take advantage of the user's ability to precompute, and provide bounds for our technique. We show that precomputation allows for a reduction in the order of the time complexity for the cases where the number of colluding servers is a fixed percentage of the number of servers. Furthermore, with precomputation, any percentage (less than 100%) of collusions can be tolerated, compared to the upper limit of 50% for the case without precomputation.
Paper Structure (25 sections, 9 theorems, 37 equations, 2 figures, 1 table)

This paper contains 25 sections, 9 theorems, 37 equations, 2 figures, 1 table.

Table of Contents

  1. Introduction
  2. Main Contributions
  3. Related Work
  4. Some Notation and Basic Definitions
  5. Polynomial Codes for Secure Distributed Matrix Multiplication
  6. Polynomial Codes without Precomputation
  7. Degree Tables
  8. Polynomial Codes with Precomputation
  9. Two Motivating Examples
  10. $\mathsf{GASP}_{r}$ with Precomputation
  11. The Number of Servers for $\mathsf{GASP}_{r}$ with Precomputation
  12. $\mathsf{GASP}_{\text{small}}$ and $\mathsf{GASP}_{\text{big}}$ with Precomputation
  13. $\mathsf{GASP}_{\text{small}}$ with Precomputation
  14. $\mathsf{GASP}_{\text{big}}$ with Precomputation
  15. Comparing $\mathsf{GASP}_{\text{small}}$ and $\mathsf{GASP}_{\text{big}}$ with Precomputation
  16. ...and 10 more sections

Key Result

Theorem 1

Consider the polynomial code $\mathsf{GASP}_r$ in the precomputation setting, with parameters $K$, $L$, $T$, and $r$. Use Euclidean division to write $T = Ur + r_0$ where $U = \left\lfloor T/r\right\rfloor$ and $0\leq r_0 < r$, as well as $K + T - 1 = VK + K_0$ where $V = \left\lfloor(K+T-1)/K\right

Figures (2)

  • Figure 1: The figure on the left shows the amount of servers needed for $\mathsf{GASP}_{r}$ without precomputation for $K=L=4$. The lower bound is Inequality 1 in Theorem 2 of DegTable/DOliveiraRHK21. The figure on the right shows the amount of servers needed for $\mathsf{GASP}_{r}$ with precomputation for $K=L=4$. The lower bound is the maximum value given by Theorem \ref{['thm:PrecompBound']}.
  • Figure 2: The degree tables for $\mathsf{GASP}_2$, and $\mathsf{GASP}_1$ when $K=L=T=2^2$. The gray regions represent the first time a number appears in a degree table, and denotes the number of distinct nodes needed. It is shown in DegTable/DOliveiraRHK21 that $\mathsf{GASP}_2$ is the best choice for these parameters without precomputation (Tables \ref{['tab:KLT4_example_r1']}, \ref{['tab:KLT4_example_r2']}). When we consider precomputation $\mathsf{GASP}_1$ is better (Tables \ref{['tab:KLT4_example_r1-pre']}, \ref{['tab:KLT4_example_r2-pre']}).

Theorems & Definitions (14)

  • Definition 1
  • Definition 2
  • Theorem 1
  • Theorem 2
  • Theorem 3
  • Theorem 4
  • Theorem 5
  • Corollary 1
  • Theorem 6
  • Corollary 2
  • ...and 4 more